captmicro

notepad.exe load call chain

Jan 4th, 2013
CreateProcess called...
Process: 0x84377d40
ProcessId: 0xb94
CreateInfo:
Parent Process Id: 0x874
Image File Name: '\??\C:\Windows\system32\notepad.exe'
Command Line: '"C:\Windows\system32\notepad.exe" '
Flags: 0x1
Image loaded...
Full Image Name: '\Windows\System32\notepad.exe'
ProcessId: 0x874
ImageInfo:
Image Base: 0x3f00000
Image Selector: 0x0
Image Size: 0x30000
Image Section Number: 0x0
Properties:
Image Addressing Mode: 0x3
System Mode Image: 0x0
Image Mapped To All Pids: 0x0
Extended Info Present: 0x1
Reserved: 0x0
Image loaded...
Full Image Name: '\Device\HarddiskVolume2\Windows\System32\notepad.exe'
ProcessId: 0xb94
ImageInfo:
Image Base: 0x4a0000
Image Selector: 0x0
Image Size: 0x30000
Image Section Number: 0x0
Properties:
Image Addressing Mode: 0x3
System Mode Image: 0x0
Image Mapped To All Pids: 0x0
Extended Info Present: 0x1
Reserved: 0x0
Image loaded...
Full Image Name: '\Windows\System32\notepad.exe'
ProcessId: 0x874
ImageInfo:
Image Base: 0x3f00000
Image Selector: 0x0
Image Size: 0x30000
Image Section Number: 0x0
Properties:
Image Addressing Mode: 0x3
System Mode Image: 0x0
Image Mapped To All Pids: 0x0
Extended Info Present: 0x1
Reserved: 0x0
Image loaded...
Full Image Name: '\Windows\System32\notepad.exe'
ProcessId: 0x874
ImageInfo:
Image Base: 0x3f00000
Image Selector: 0x0
Image Size: 0x30000
Image Section Number: 0x0
Properties:
Image Addressing Mode: 0x3
System Mode Image: 0x0
Image Mapped To All Pids: 0x0
Extended Info Present: 0x1
Reserved: 0x0
Image loaded...
Full Image Name: '\Windows\System32\notepad.exe'
ProcessId: 0x874
ImageInfo:
Image Base: 0x3f00000
Image Selector: 0x0
Image Size: 0x30000
Image Section Number: 0x0
Properties:
Image Addressing Mode: 0x3
System Mode Image: 0x0
Image Mapped To All Pids: 0x0
Extended Info Present: 0x1
Reserved: 0x0
Image loaded...
Full Image Name: '\Windows\System32\notepad.exe'
ProcessId: 0x874
ImageInfo:
Image Base: 0x3f00000
Image Selector: 0x0
Image Size: 0x30000
Image Section Number: 0x0
Properties:
Image Addressing Mode: 0x3
System Mode Image: 0x0
Image Mapped To All Pids: 0x0
Extended Info Present: 0x1
Reserved: 0x0
Image loaded...
Full Image Name: '\Windows\System32\notepad.exe'
ProcessId: 0x874
ImageInfo:
Image Base: 0x3f00000
Image Selector: 0x0
Image Size: 0x30000
Image Section Number: 0x0
Properties:
Image Addressing Mode: 0x3
System Mode Image: 0x0
Image Mapped To All Pids: 0x0
Extended Info Present: 0x1
Reserved: 0x0